Added new opencanary rules (RDP, Portscan)

[marcopedrinazzi]

Summary of the Pull Request

Added a few new opencanary rules that detect:

• RDP connection attempts
• Port scans (SYN scan, NMAP OS, FIN, NULL, XMAS scan)

Changelog

new: OpenCanary - RDP New Connection Attempt
new: OpenCanary - Host Port Scan (SYN Scan)
new: OpenCanary - NMAP XMAS Scan
new: OpenCanary - NMAP OS Scan
new: OpenCanary - NMAP NULL Scan
new: OpenCanary - NMAP FIN Scan

Example Log Event

RDP Example:
{"dst_host": "<ip>", "dst_port": 3389, "local_time": "2026-01-05 13:20:45.706133", "local_time_adjusted": "2026-01-05 14:20:45.706183", "logdata": {"USERNAME": "dd"}, "logtype": 14001, "node_id": "opencanary-1", "src_host": "<ip>", "src_port": <port>, "utc_time": "2026-01-05 13:20:45.706178"}

Port scan examples:
{"dst_host": "<ip>", "dst_port": "22", "local_time": "2026-01-05 13:50:30.887236", "local_time_adjusted": "2026-01-05 14:50:30.887280", "logdata": {"FIN": "", "ID": "13602", "IN": "ens33", "LEN": "40", "MAC": "<mac>", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "TOS": "0x00", "TTL": "58", "URGP": "0", "WINDOW": "1024"}, "logtype": 5005, "node_id": "opencanary-1", "src_host": "<ip>", "src_port": "53794", "utc_time": "2026-01-05 13:50:30.887274"}

{"dst_host": "<ip>", "dst_port": "22", "local_time": "2026-01-05 13:53:48.459897", "local_time_adjusted": "2026-01-05 14:53:48.459932", "logdata": {"FIN": "", "ID": "60821", "IN": "ens33", "LEN": "40", "MAC": "<mac>", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "PSH": "", "RES": "0x00", "TOS": "0x00", "TTL": "36", "URG": "", "URGP": "0", "WINDOW": "1024"}, "logtype": 5004, "node_id": "opencanary-1", "src_host": "<ip>", "src_port": "<port>", "utc_time": "2026-01-05 13:53:48.459925"}

Fixed Issues

SigmaHQ Rule Creation Conventions

• If your PR adds new rules, please consider following and applying these conventions